-- SSL --

Generate a self-signed certificate:

	openssl req -x509 -newkey rsa:4096 -out <crtname>.pem -keyout <keyname>.pem -days 365 -nodes

	<crtname>.pem: PEM formatted file containing a base64 encoded X.509 certificate with public key
	<keyname>.pem: PEM formatted file containing a base64 encoded private key

	Note: Leave off the -nodes flag to be prompted for a password to encrypt the private key.

Start HTE server with SSL enabled:

	You need a PEM file containing your certificate and public key, and a PEM file containing
	your private key. Both must have a (.pem) file extension. Copy both of these into the
	certs folder in the HostTE directory.
	
	Next run HostTE with the following options:

	./HostTE --cert <crtname> --pkey <keyname>

	Make sure to leave off the .pem extension for the file names in the above command.

	Note: If you're testing with a self-signed certificate, you will need to add the
	certificate (public key portion only) to the certs/cacert.pem file.

	cat <crtname>.pem >> ./certs/cacert.pem

	Don't confuse certs/cacert.pem (host authentication CA list) with ./certs/ca.pem
	(client authentication CA list). The former is for validating a certificate
	received from a host when HostTE makes outgoing connections; the latter is for
	enabling client authentication to limit which devices can make a connection to
	the server.

	While client authentication is optional, certain features won't work without
	host authentication when SSL is enabled.

Generate P12 archive for client certificate:

	openssl pkcs12 -export -clcerts -in <crtname>.pem -inkey <keyname>.pem -out <crtname>.p12

	<crtname>.pem: PEM formatted file with X.509 certificate and public key
	<keyname>.pem: PEM formatted file encapsulating private key
	<crtname>.p12: P12 certificate containing public/private key

Enabling client authentication:

	If you have an X.509 certificate with the client's public key,
	first add it to the ca.pem file located in the certs directory:

	openssl x509 -in <crtname>.pem -text >> HostTE/certs/ca.pem

	It's recommended to make a backup of the ca.pem file before doing this
	in case of accidental corruption.

	Append the --enableClientAuth option when running HostTE. If SSL is not enabled,
	this option will not take effect and a warning will be printed.

	If client authentication is enabled, any client not connecting from the server
	machine that is hosting HostTE will be required to have a certificate and
	private key corresponding to a public key stored in the ca.pem keystore
	for the SSL handshake to be successful.

	See above for the steps for generating a P12 file containing the client
	certificate, public key, and private key for import into their
	browser/device (the server does not need the .p12 certificate).
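
Added example (not part of HostTE or of the original notes): a shell helper for the two
append steps above, into certs/cacert.pem and certs/ca.pem. It backs up the list first,
refuses input that contains a private key, skips certificates already listed, and appends
only the PEM block without any -text dump. The names add_trusted_cert and make_samples are
hypothetical, and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of HostTE: guarded append to a CA list file.
# Usage: add_trusted_cert <cert.pem> <ca-list.pem>
# Returns 0 added, 1 already listed, 2 unreadable, 3 private key, 4 not one cert.
add_trusted_cert() {
    cert=$1; list=$2
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    # The CA lists hold certificates only; keep key material out of them.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
        echo "refusing: $cert contains a private key" >&2; return 3
    fi
    # Require exactly one complete certificate block.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$cert" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "refusing: expected exactly one certificate in $cert" >&2; return 4
    fi
    # Keep only the PEM block, dropping any text printed around it.
    block=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$cert")
    if [ -f "$list" ]; then
        # Compare with whitespace removed so line wrapping does not matter.
        want=$(printf '%s' "$block" | tr -d ' \t\r\n')
        have=$(tr -d ' \t\r\n' < "$list")
        case $have in
            *"$want"*) echo "already listed: $cert" >&2; return 1 ;;
        esac
        cp -p "$list" "$list.bak"    # backup before modifying the list
        # Make sure the new block starts on its own line.
        if [ -n "$(tail -c 1 "$list")" ]; then echo >> "$list"; fi
    fi
    printf '%s\n' "$block" >> "$list"
}

# Constructed sample input: PEM-shaped placeholders, not real certificates or keys.
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0VSVA==' \
        '-----END CERTIFICATE-----' > "$dir/server.pem"
    { cat "$dir/server.pem"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQtS0VZ' \
          '-----END PRIVATE KEY-----'; } > "$dir/combined.pem"
}
```

Typical call: add_trusted_cert <crtname>.pem ./certs/cacert.pem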
